Unboxing Android: Everything you wanted to know about Android packers

Presented at DEF CON 25 (2017), July 30, 2017, 10 a.m. (45 minutes).

To understand the Android ecosystem today, one must understand Android packers. Whether used for protecting legitimate apps' business logic or hiding malicious content, Android packer usage is on the rise. Android packers continue to increase their efforts to prevent reverse engineers and static analysis engines from understanding what's inside the package. To do so they employ elaborate tactics, including state of the art ELF tampering, obfuscation and various anti-debugging techniques. In this talk, we will provide an overview of the packer industry and present real world test cases. We will do a deep technical dive into the internal workings of popular Android packers, exposing the different methods which protect the app's code. As a countermeasure, we will provide various techniques to circumvent them, allowing hackers and security researchers to unpack the secrets they withhold.

Presenters:

  • Avi Bashan - Mobile R&D Team Leader, Check Point
    Avi Bashan is a Team Leader at Check Point, former security researcher at Lacoon Mobile Security. His daily job is to play around with Android Internals, writing Linux kernel code and drinking a lot of coffee.
  • Slava Makkaveev - Security Researcher, Check Point
    Slava Makkaveev is a Security Researcher at Check Point. Slava has vast academic and professional experience in the security field. Slava's day to day is mostly composed from reversing and hacking malwares and operating systems for fun and profit.

Links:

Similar Presentations: